Failure in depth: About getting the job done rather than looking for excuses


Most of us are sick to the teeth of listening to people pontificating about WannaCry / Not WannaCry / Petya etc. Vendors had a field day rushing to fill our inboxes with webinars and whitepapers. Security basics teach us Defence in Depth, the analogy of defending a castle … and we have all heard these banalities a thousand times before…

So why, in the month of May, when WannaCry hit, did we see mass panic? The UK’s NHS was badly hit. The Irish health service disconnected their entire network from the outside world for three days until they manually patched all their systems. Pictures emerged of ATMs and kiosks in train stations displaying the warning that they had been encrypted, with the usual demand of bitcoins to release control back to the owners. Both Renault and Honda had to stop production when their factories were hit, again adding fuel to the fire.

As of 3rd June, MalwareTech’s website showed 430,000 infected PCs and over 1,600 systems still online. As an aside, MalwareTech is the online handle of Marcus Hutchins, the clever 22-year-old researcher who found WannaCry’s inbuilt kill switch and who has since been arrested after attending Defcon in Vegas.

Eugene Kaspersky has recently blogged that the code used in WannaCry was riddled with flaws, the least of which was the so-called “Kill Switch.” The jury is still out on the motives for including this function, with some speculating on whether it was an error or was included intentionally. Kaspersky provided his own opinions at AISA’s event in Sydney in June. Questions were raised as to how this not very well written piece of code managed to infect 400,000+ PCs, take down some of the world’s largest car factories and maintain its spot in the news headlines for so long. Motives, political or otherwise, always tie back to the conspiracy theories: Russia or North Korea were behind the attack. The fact that leaked NSA hacking code was used in the payload, and that it was mooted as a wiper rather than ransomware, was indeed suspicious (especially after the targeted attacks in the follow-up that seemingly came from Russia). For sure, registering the kill switch potentially saved the day, and all the resulting WannaCry variants have been thrashed to death, so was all the panic necessary?

